
Computer Modelling and New Technologies, 2011, Vol.15, No.4, Transport and Telecommunication Institute, Lomonosov 1, LV-1019, Riga, Latvia

BUILDING LINUX VIRTUAL SERVER BY NETWORK ADDRESS TRANSLATION TECHNOLOGY

A. Amandossov

Kazakh British Technical University, Faculty of Information Technologies, Tole-bi 59, Almaty, Kazakhstan

Linux Virtual Server is a technology for building failover server architectures that automatically balance the load of incoming requests. It works on Linux-based servers, especially on the Debian and Red Hat operating systems, because they have a patched kernel. This technology is used for the web servers of the Wikipedia project. The main goal is to create a load balancing server system based on Linux Virtual Server technology (Figure 1) and network address translation. The load balancing servers will be based on Red Hat Linux, while the real servers can run almost any operating system. Systems based on Linux Virtual Server can operate with great efficiency. The main idea of this architecture is that when one load balancer fails, the second load balancer connects the virtual IP address to the real IP address and works in place of the first.

Keywords: Linux, Linux virtual server, LVS, network address translation, NAT, failover architecture, load balancing, real server, virtualisation

1. Introduction

During operation each load balancer distributes the load among three real servers. The number of packets sent to each real server depends on a relative number that expresses the operating efficiency of that server. For example, if the first real server has operating efficiency 10, the second 34 and the third 75, then at any moment they receive packets in proportion to these numbers.

Figure 1. Linux Virtual Server
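The proportional distribution described in the introduction can be reproduced with a weighted round-robin loop. The script below is an added example, not code from the paper: it assumes a scheduler in the style of the LVS "wrr" algorithm (the paper does not name one) and uses the weights 10, 34 and 75 from the text; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: weighted round-robin in the style of the LVS "wrr" scheduler.
# The scheduler choice is an assumption; the weights are the ones from the text.

gcd() {  # greatest common divisor of two non-negative integers
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do t=$((a % b)); a=$b; b=$t; done
    echo "$a"
}

# wrr_counts N W1 W2 ... : dispatch N connections and print how many each
# real server received, in the order the weights were given.
wrr_counts() {
    n=$1; shift
    count=$#; g=0; max=0; idx=0
    for w in "$@"; do
        idx=$((idx + 1))
        eval "w_$idx=$w; c_$idx=0"
        g=$(gcd "$g" "$w")
        if [ "$w" -gt "$max" ]; then max=$w; fi
    done
    if [ "$max" -eq 0 ]; then echo "no server with a positive weight" >&2; return 1; fi
    i=0; cw=0; sent=0
    while [ "$sent" -lt "$n" ]; do
        i=$((i % count + 1))              # next server, wrapping to the first
        if [ "$i" -eq 1 ]; then           # new pass: lower the weight threshold
            cw=$((cw - g))
            if [ "$cw" -le 0 ]; then cw=$max; fi
        fi
        eval "w=\$w_$i"
        if [ "$w" -ge "$cw" ]; then       # server is heavy enough for this pass
            eval "c_$i=\$((c_$i + 1))"
            sent=$((sent + 1))
        fi
    done
    out=""; idx=1
    while [ "$idx" -le "$count" ]; do
        eval "out=\"\$out \$c_$idx\""
        idx=$((idx + 1))
    done
    echo "${out# }"
}

# One full cycle for the weights 10, 34 and 75 is 10 + 34 + 75 = 119 connections.
wrr_counts 119 10 34 75
```

A server whose weight is 0 is never selected, which is how a real server can be drained without removing it from the list.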

An LVS cluster consists of one or more virtual services, each of which may have zero or more real servers. The IP address of a virtual service is what end users connect to and is typically advertised over DNS. When a connection is made to a virtual service, it is allocated a real server, and all packets for this connection are forwarded to this real server.

Piranha is a daemon that monitors and administers the servers in an LVS cluster of load balanced virtual servers. Piranha monitors the health of the real servers by periodically requesting a known script and checking that the response contains an expected output. If a real server fails, it is removed from the cluster and is reactivated once it comes back online.

Here is an example of a load balancing system that contains 2 load balancers and 3 real servers, built on network address translation technology.

2. Configuration of Load Balancer 1

First of all we need to configure the services that will be started during boot:

    /sbin/chkconfig --level 35 piranha-gui on
    /sbin/chkconfig --level 35 pulse on
    /sbin/chkconfig --level 35 sshd on

To see the list of services type:

    /sbin/chkconfig --list

Then we need to create a password for the piranha user:

    /usr/sbin/piranha-passwd

We also need to turn on packet forwarding by editing the text file /etc/sysctl.conf: the line net.ipv4.ip_forward = 0 should be changed to net.ipv4.ip_forward=1.

To check the state of IP forwarding type:

    /sbin/sysctl net.ipv4.ip_forward

To turn on IP forwarding manually type:

    /sbin/sysctl -w net.ipv4.ip_forward=1

Configuration of network interfaces:

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth2 to look as follows:

    DEVICE=eth2
    IPADDR=
    GATEWAY=

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth3 to look as follows:

    DEVICE=eth3
    IPADDR=

Network interfaces should look as follows (Figure 2):

Figure 2. Network interfaces

3. Configuration of Load Balancer 2

First of all we need to configure the services that will be started during boot:

    /sbin/chkconfig --level 35 pulse on
    /sbin/chkconfig --level 35 sshd on

We also need to turn on packet forwarding by editing the text file /etc/sysctl.conf: the line net.ipv4.ip_forward = 0 should be changed to net.ipv4.ip_forward=1.

To check the state of IP forwarding type:

    /sbin/sysctl net.ipv4.ip_forward

To turn on IP forwarding manually type:

    /sbin/sysctl -w net.ipv4.ip_forward=1

Configuration of network interfaces:

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth2 to look as follows:

    DEVICE=eth2
    IPADDR=
    GATEWAY=

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth3 to look as follows:

    DEVICE=eth3
    IPADDR=

Configuration of Real Servers 1, 2, 3

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 to look as follows:

    DEVICE=eth0
    IPADDR= ( )
    GATEWAY=

We also need to turn on these services:

    /sbin/chkconfig --level 235 httpd on
    /sbin/chkconfig --level 35 sshd on

And we need to create an index.html file in the /var/www/html folder with the following content (use RealServer #2 and RealServer #3 on the other two servers):

    <html>
    <head>
    <title>hello Page</title>
    </head>
    <body bgcolor="white" text="blue">
    <h1>this is RealServer #1</h1>
    </body>
    </html>

We need to open the /etc/httpd/conf/httpd.conf file, uncomment the line "Listen :80" and change it to "Listen :80" ( and ), then comment out the line "Listen 80".

The status of httpd needs to be checked with the command:

    /etc/init.d/httpd status

If httpd is not running, start it with the command:

    /etc/init.d/httpd start

Now let's enter the Piranha program on LoadBalancer1 by opening a browser and typing:

    localhost:3636

Login: piranha
Password: (the password that we set up previously)

All configurations will be stored in /etc/sysconfig/ha/lvs.cf

We also need to synchronize the lvs.cf files between LoadBalancer1 and LoadBalancer2 by running the following command on LoadBalancer1:

    scp /etc/sysconfig/ha/lvs.cf :/etc/sysconfig/ha/lvs.cf

Check script:

    #!/bin/sh
    # Count the lines of dig's output that mention the expected name server.
    # dig's query name and server arguments are not given here.
    TEST=$(dig -t soa | grep -c dns.example.com)
    # Report OK only when the expected name server appears in the answer.
    if [ "$TEST" -ge 1 ]; then
        echo "OK"
    else
        echo "FAIL"
    fi

At the next step we will configure iptables on LoadBalancer1, LoadBalancer2, RealServer1, RealServer2 and RealServer3. For the first check we can just turn off iptables on every server with the commands:

    /etc/init.d/iptables save
    /etc/init.d/iptables stop

To check the state of iptables use the following command:

    /sbin/iptables -L -n

If we need to edit the iptables rules we can use commands such as:

    iptables -A FORWARD -s  -d  -p tcp --dport 80 -j ACCEPT

INPUT, OUTPUT, FORWARD are the chains for the different kinds of traffic
-s means the source IP address of the packet
-d means the destination IP address of the packet
-p means the protocol
--dport means the destination port
ACCEPT means accept the packet
REJECT discards the packet and sends an error back to the sender
DROP silently discards the packet

    iptables -D INPUT 4

(here -D means delete, INPUT is the chain, which can take the values INPUT, OUTPUT or FORWARD, and 4 is the number of the rule in the INPUT, OUTPUT or FORWARD list)

Conclusions

To check the system we need to open a browser on the computer with IP and type into the browser, and we will see the HTML page. Now we can check the redundancy of the system by unplugging the load balancing servers or any real server.
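Because the procedure above stops iptables on every server for the first check, it is worth confirming afterwards that filtering is active again. The script below is an added example, not code from the paper: it reads rules in iptables-save format and lists the INPUT and FORWARD chains that accept everything. Both rule sets are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag INPUT/FORWARD chains of the filter table that have an
# ACCEPT policy and no DROP or REJECT rule. Reads iptables-save text on stdin.
open_chains() {
    awk '
        /^\*/ { table = substr($1, 2) }            # "*filter", "*nat", ...
        table != "filter" { next }
        /^:/  { name = substr($1, 2); policy[name] = $2; order[++n] = name; next }
        $1 == "-A" {
            for (i = 3; i <= NF; i++)
                if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT"))
                    blocks[$2] = 1                 # chain has a blocking rule
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                if ((c == "INPUT" || c == "FORWARD") && policy[c] == "ACCEPT" && !(c in blocks)) {
                    printf "%s%s", sep, c; sep = " "
                }
            }
            print ""
        }'
}

# Constructed sample: rule set left behind after the firewall was stopped.
sample_stopped() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: ACCEPT policies, but each chain ends in a REJECT rule.
sample_filtered() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

echo "stopped:  $(sample_stopped | open_chains)"
echo "filtered: $(sample_filtered | open_chains)"
```

On a live server the same function can be fed the output of iptables-save, run as root.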
